Hello,

I'm having trouble with the precondition field of a fileobject. I've got a fileobject (a PDF-file) and its precondition field states myPrecondition, which is a DTML Method and its code is:


<dtml-with "REQUEST['PARENTS'][0]">
<dtml-if expr="_.SecurityGetUser().has_role(['Bobo']) != 1">
<dtml-raise Unauthorized></dtml-raise>
</dtml-if>
</dtml-with>

(source: http://www.zopelabs.com/cookbook/1016369692)

The PDF-file should only be displayed when a user has role Bobo. If the user doesn't have the role, a user authentication screen (login screen) is displayed. The Method only works when the browser cache is empty or the file hasn't been opened yet by a user with Bobo-role. I'll explain the situations, both are on localhost.
Situation I:
- Browser cache is empty.
- User without Bobo-role logs in and opens the PDF-file by entering its URL in the browser and gets the login screen.

So far so good.

Situation II:
- User with Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed.
- Close browser.
- User without Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed.

Not so good. The user without Bobo-role in situation II should get a login screen. Apparently because the file is in the browser cache, the user is authenticated.

Does anybody know a solution to this problem or some other solution for allowing access to a fileobject depending on the role a user has?

Note: Using the security setting and assigning roles is not an option because the fileobject is recreated every night.

Kind regards,

Leandros
-- The Netherlands
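
Situations I and II above, modelled as an added example (not part of the original post and not Zope code): a browser cache that outlives the login session returns the stored PDF without contacting the server, so the role check never runs, while a response marked `Cache-Control: no-store` sends every request back through the check. The classes, URL and `protect_cache` flag are hypothetical, and the model assumes the browser reuses a cached copy without revalidating it.

```python
# Added example: toy model of Situations I and II; all names are hypothetical.
class Unauthorized(Exception):
    """Stands in for the exception the precondition raises."""

FILE_BODY = b"%PDF-1.4 constructed sample body"
URL = "/docs/report.pdf"  # constructed path

def serve_file(user_roles, protect_cache):
    """Server side: run the role check, then return (headers, body)."""
    if "Bobo" not in user_roles:  # same test as myPrecondition
        raise Unauthorized("login required")
    headers = {"Last-Modified": "Mon, 01 Jan 2001 00:00:00 GMT"}
    if protect_cache:
        headers["Cache-Control"] = "no-store"  # browser must not keep a copy
    return headers, FILE_BODY

class Browser:
    """Client whose cache outlives the login session (assumption)."""
    def __init__(self):
        self.cache = {}

    def get(self, url, user_roles, protect_cache):
        if url in self.cache:
            # Cached copy is reused; the server and its precondition never run.
            return "cache", self.cache[url]
        try:
            headers, body = serve_file(user_roles, protect_cache)
        except Unauthorized:
            return "login", None
        if headers.get("Cache-Control") != "no-store":
            self.cache[url] = body
        return "server", body

def situation_one(protect_cache=False):
    """Empty cache, user without Bobo requests the file."""
    return Browser().get(URL, [], protect_cache)[0]

def situation_two(protect_cache):
    """Bobo user fetches first, then a user without Bobo on the same browser."""
    browser = Browser()
    first = browser.get(URL, ["Bobo"], protect_cache)[0]
    second = browser.get(URL, [], protect_cache)[0]
    return first, second

if __name__ == "__main__":
    print(situation_one())
    print(situation_two(False))
    print(situation_two(True))
```

On the Zope side the header would be set with `RESPONSE.setHeader('Cache-Control', 'no-store')` before the file is returned; whether the precondition method is a suitable place for that call is an assumption.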